From owner-freebsd-isp Tue Oct 6 23:03:26 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id XAA16589 for freebsd-isp-outgoing; Tue, 6 Oct 1998 23:03:26 -0700 (PDT) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from gjp.erols.com (alex-va-n008c079.moon.jic.com [206.156.18.89]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA16583 for ; Tue, 6 Oct 1998 23:03:24 -0700 (PDT) (envelope-from gjp@gjp.erols.com) Received: from gjp.erols.com (gjp@localhost.erols.com [127.0.0.1]) by gjp.erols.com (8.8.8/8.8.7) with ESMTP id CAA05210; Wed, 7 Oct 1998 02:02:52 -0400 (EDT) (envelope-from gjp@gjp.erols.com) X-Mailer: exmh version 2.0.1 12/23/97 To: "Jeffrey J. Mountin" cc: Graeme Tait , freebsd-isp@FreeBSD.ORG From: "Gary Palmer" Subject: Re: How to share accounts between mail/pop and web servers? In-reply-to: Your message of "Tue, 06 Oct 1998 22:24:38 CDT." <3.0.3.32.19981006222438.00f7f438@207.227.119.2> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 07 Oct 1998 02:02:51 -0400 Message-ID: <5206.907740171@gjp.erols.com> Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org "Jeffrey J. Mountin" wrote in message ID <3.0.3.32.19981006222438.00f7f438@207.227.119.2>: > At least with my suggestion along with using a /some/where/else/passwd file, > it's easy to share the passwords. All the popular servers that I've used (qpopper, sendmail, apache, etc) can work with non-getpass* routines with minimal work. This also drastically increases the security of the machine, as the real password information can be kept hidden from the daemons and hence from the outside world. It also gets around UID limits inherent in some systems (e.g. NFS, other unixes), as you don't need to assign unique UID's either (although stuff like ftpd, apache, etc needs work to stop people from having access to other peoples files) > At least until his users number in the 10's of thousands on up, which just > begs to have a central location for user vitals. Anywhere over 10k also begs not to be using the berkeley DB format. Put your information into Postgres, MySQL, etc and then generate CDB files regularly and push them out to the servers. Or use LDAP (if you can find a server which (a) works, (b) isn't netscape, and (c) scales) But don't use DBM. It gets really slow to build the larger files. Gary -- Gary Palmer FreeBSD Core Team Member FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message